Method and system for bidirectional bitwise constant propogation by abstract interpretation

ABSTRACT

A method and system for bidirectional bitwise constant propagation by abstract interpretation is disclosed. In one embodiment, the method performs optimizing an implementation of a programming language, comprising; analyzing one or more values computed by a program written in the programming language, wherein analyzing one or more values comprises; representing each bit within a value of the one or more values as an abstract element of a lattice having a set of abstract elements including 0 A , 1 A , ⊥ A  and T A , wherein the lattice is an abstraction of a concrete domain containing 0, 1, and ⊥; analyzing one or more output bits that are produced by an operation in terms of one or more input bits that are input to the operation; and analyzing the input bits that are input to the operation in terms of the output bits that are produced by the operation.

FIELD OF THE INVENTION

[0001] This invention relates to computer software programming language implementation systems, and more specifically to a computer software programming language implementation system that performs bidirectional bitwise constant propogation by abstract interpretation.

BACKGROUND OF THE INVENTION

[0002] There are several areas in which compiler optimization literature exists within the field of computer software programming language implementation systems. Well-known techniques for optimizing compilation use abstract interpretation based static analysis. The most important work in this field is the extensive work of Patrick and Radhia Cousot, and the derivative and related work of Samson Abramsky, Chris Hankin, Alan Mycroft, Flemming, and Nielson. This body of work is primarily foundational in nature, and does not emphasize the application of the techniques in a practical setting, e.g., an optimizing C compiler. Among applications of abstract interpretation, the most nearly related is the work on strictness analysis, which is a technique in which functions are analyzed to discover when they are strict in (dependent upon) their arguments in the sense that a non-terminating argument computation will mean non-termination of the function as a whole. This notion of strictness is closely related to the definition of Boolean operations on undefined values, in that it provides for defined results in the presence of undefined inputs. However, the setting of strictness analysis is quite different because strictness analysis pertains to functional programs whose values are higher order types in the lambda calculus (where non-termination is a routine feature of computations).

[0003] Another area in which compiler optimization literature exists is constant propagation. In addition to classic results, based on dataflow analysis, outlined in compiler texts like Aho and Ullman, and Muchnick, Wegman and Zadeck have developed a conditional constant propagation algorithm, and several refinements of their technique have been reported. Various algorithms based on value numbering are concerned with the analysis of values at compile time.

BRIEF DESCRIPTION OF THE DRAWINGS

[0004] The accompanying drawings, which are included as part of the present specification, illustrate the presently preferred embodiment of the present invention and together with the general description given above and the detailed description of the preferred embodiment given below serve to explain and teach the principles of the present invention.

[0005]FIG. 1 illustrates a computer system representing an integrated multi-processor, in which elements of the present invention may be implemented.

[0006]FIG. 2 illustrates an exemplary representation of the components of the present system and method.

[0007]FIG. 3 illustrates a representation for the abstract domain 220 that facilitates efficient program analysis using the abstract semantics A_(b) 241 and A_(f) 242.

[0008]FIG. 4 illustrates an exemplary concrete domain according to one embodiment of the present invention.

[0009]FIG. 5 illustrates a flow diagram of a method 500 for optimizing an implementation of a programming language.

DETAILED DESCRIPTION

[0010] A method and system for bidirectional bitwise constant propogation by abstract interpretation is disclosed. In one embodiment, the method performs optimizing an implementation of a programming language, comprising; analyzing one or more values computed by a program written in the programming language, wherein analyzing one or more values comprises; representing each bit within a value of the one or more values as an abstract element of a lattice having a set of abstract elements including 0_(A), 1_(A), ⊥_(A) and T_(A), wherein the lattice is an abstraction of a concrete domain containing 0, 1, and ⊥; analyzing one or more output bits that are produced by an operation in terms of one or more input bits that are input to the operation; and analyzing the input bits that are input to the operation in terms of the output bits that are produced by the operation.

[0011] In the following description, for purposes of explanation, specific nomenclature is set forth to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that these specific details are not required in order to practice the present invention.

[0012] Some portions of the detailed descriptions that follow are presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.

[0013] It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussion, it is appreciated that throughout the description, discussions utilizing terms such as “processing” or “computing” or “calculating” or “determining” or “displaying” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.

[0014] The present invention also relates to apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a computer system bus.

[0015] The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various general purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these systems will appear from the description below. In addition, the present invention is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the invention as described herein.

[0016] Numerous compiler optimizations are driven by information concerning the values that are computed by a program, including which values are constant and, if so, what their values are. The discovery of such information is called constant propagation. The present method and system moves beyond traditional constant propagation in that: it

[0017] analyzes computations at the level of individual bits, so that a value may be discovered to be partially constant, i.e., constant in some bits but not in others; and

[0018] discovers that individual bits are undefined or unused by a program, with powerful consequences for optimization.

[0019] The present method may be performed efficiently on entire programs, provided that an alias analysis is available which partitions the memory accesses of the program into equivalence classes based on potential overlap. It requires essentially no type information from the program, and hence may be performed on high-level languages, assembly language, and machine code alike. The present method and system may be used to solve many problems, such as:

[0020] constant folding (replacing computations by their constant values);

[0021] dead code elimination (elimination of unused compuations);

[0022] elimination of undefined computations;

[0023] algebraic simplification;

[0024] determination of alignment of memory addresses; and

[0025] semantics-preserving demotion of integer arithmetic to smaller precision (as a step towards vectorization using MMX-like instructions, for example).

[0026] The present method and system is presented as an instance of abstract interpretation, a technique whereby a formal correspondence between the actual semantics of a program and the semantics assigned to it under a program analysis is constructed. The reason for this rather theoretical exposition is that the present method and system is a family of methods rather than a single method; the family members have in common that they are all approximations of a limit that is given by the concrete semantics presented below

[0027]FIG. 1 illustrates a computer system 100 representing an integrated multi-processor, in which elements of the present invention may be implemented. One embodiment of computer system 100 comprises a system bus 120 for communicating information, and a processor 110 coupled to bus 120 for processing information. Computer system 100 further comprises a random access memory (RAM) or other dynamic storage device 125 (referred to herein as main memory), coupled to bus 120 for storing information and instructions to be executed by processor 110. Main memory 125 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 110. Computer system 100 also may include a read only memory (ROM) and/or other static storage device 126 coupled to bus 120 for storing static information and instructions used by processor 110.

[0028] A data storage device 127 such as a magnetic disk or optical disc and its corresponding drive may also be coupled to computer system 100 for storing information and instructions. Computer system 100 can also be coupled to a second I/O bus 150 via an I/O interface 130. A plurality of I/O devices may be coupled to I/O bus 150, including a display device 143, an input device (e.g., an alphanumeric input device 142 and/or a cursor control device 141). For example, video news clips and related information may be presented to the user on the display device 143.

[0029] The communication device 140 is for accessing other computers (servers or clients) via a network. The communication device 140 may comprise a modem, a network interface card, or other well known interface device, such as those used for coupling to Ethernet, token ring, or other types of networks.

[0030]FIG. 2 illustrates an exemplary representation of the components of the present system and method, namely:

[0031] A concrete domain 210 which gives a meaning to values represented in binary form;

[0032] An abstract domain 220 which approximates the concrete domain 210 and which is appropriate for compile-time analysis of programs;

[0033] A concrete forward C_(f) 231 and backward C_(b) 252 semantics for basic operations on binary representations which describes their meaning in terms of the concrete domain 210; and

[0034] An abstract forward A_(f) 242 and backward A_(b) 241 semantics for the same operations which describes their meaning in terms of the abstract domain 220:

[0035] A method for computing the abstract backward semantics 241 of arbitrary boolean functions;

[0036] A representation of an abstract domain 220, illustrated in FIG. 3, that facilitates efficient program analysis using the abstract semantics A_(b) 241 and A_(f) 242.

[0037] A method for computing an abstract forward M_(f) 223 and backward meaning M_(b) 224 from a program in a compiler intermediate language;

[0038] The present method allows a number of powerful program transformations and optimizations to be performed within an optimizing compiler, assembler, or post-link (executable) optimizer.

[0039] The present method and system makes several improvements over existing methods for constant propagation:

[0040] it provides constant information at the level of individual bits for a wide class of programs and operations. This effectively enriches the notion of constant value to include many computations that are considered non-constant by alternate approaches;

[0041] it provides both forward (production) and backward (consumption) information concerning constants. The backward information enables new classes of dead code elimination, algebraic simplification, demotion for vectorization, and other optimizations;

[0042] it can be performed efficiently, in terms of both space and time; and

[0043] it is easily adapted to the analysis of assembly language and object code.

[0044] The syntax x

y indicates that x and y are partially ordered; the partial order in question will be made clear by the context. A partial order is a relation, signified herewith by “

” that is

[0045] transitive: x

y and y

z implies x

z.

[0046] reflexive: x

x is always true.

[0047] antisymmetric: (x

y) implies that either x=y or not(y

x)

[0048] For example, the relation “is a divisor of” is a partial order for positive integers. So is “less or equal” for integers. If each element is a set, then the relation “is a subset of” is a partial order. The ordering is “partial” because not all pairs of elements can be compared. For example, 2 is not a divisor of 3, nor vice-versa. When dealing with a partial order, for any two elements x or y, one of the following four situations hold:

[0049] x=y is true

[0050] x

y is true but y

x is false

[0051] y

x is true but x

y is false

[0052] both x

y and y

x are false.

[0053] In the last case, we say the values are “incomparable”.

[0054] Returning to FIG. 3, the symbol ⊥ indicates the bottom element of a lattice; it represents the least element in the partial order defined by the lattice. The symbol T 320 to denote the top element of a lattice, when it exists. It will represent the greatest element in the partial order defined by the lattice. The syntax x␣y represents the least upper bound of x and y, and x

y represents the greatest lower bound of x and y.

[0055] Concrete Domain

[0056]FIG. 4 illustrates an exemplary concrete domain according to one embodiment of-the present invention. Consider a datum in binary form as computed by a running computer program. Each bit of the datum may have been assigned a definite value, either 0 or 1, by the program, or else its value may be undefined, (⊥) having been assigned no definite value by the program. As an example of the latter, consider this example C program, and assume that unsigned integers have 32 bits:

[0057] unsigned x;

[0058] x=(x & 0x0000FFFF)|0x12340000;

[0059] x=(y & 0xFFFF0000)|00x00005678;

[0060] In this example, all 32 bits of x are initially undefined, that is, they have been assigned no definite value by the program. The upper 16 bits of x are assigned definite values by the first assignment, but the lower 16 bits remain undefined. Following the second assignment, all 32 bits of x are fully defined. This program is not intended to conform to any standard. In an alternate embodiment x may be declared to be a structure with two bit field members, each having 16 bits, in which case the two assignments may be seen as giving values to the members of x.

[0061] Just as a bit may be undefined by the computation that produces it, so a bit may be unused by the computation that consumes it. Consider for example this program, and continue to assume that integers have 32 bits:

[0062] int a, b, c, d, e;

[0063] a=1;

[0064] b=2;

[0065] c=a+b;

[0066] d=c=<<16;

[0067] e=c & 0x0000FFFF;

[0068] In this example, c is assigned the 32-bit sum of a and b. The upper 16 bits of c are unused by the assignment to d, which shifts them away. They are likewise unused by the assignment to e, which masks them away. This example illustrates that many operations are insensitive to the values of some bits of their inputs, in that they would produce an equivalent output even if the values of those bits in their inputs were undefined.

[0069] A computation is unaffected by bits that are undefined or unused by it. A bit that is defined but unused by a computation may be replaced by an undefined bit without changing the result of the computation. A bit that is used but undefined by a computation may (depending on the applicable language standard) render the computation itself, in whole or in part, undefined or illegal and therefore eligible for elimination or transformation.

[0070] At any moment during a computation, it may be asked of any bit what value has been assigned to it by the computation to this point, and what value will be demanded of it by the remaining computation. The former is referred to as the forward value of the bit and the latter as the backward value of the bit respectively. The portion of the computation that produces the bit being examined is the prefix of the computation, and the portion of the computation that consumes the bit is the continuation of the computation. The possibilities for each bit can be summarized by the lattice 400 of FIG. 4.

[0071] The bottom element here, symbolized by ⊥, represents an undefined bit in the case of a forward value, and an unused bit in the case of a backward value. The partial order defined by the lattice is information content. That is, more information is put into a fully-defined (0 or 1) bit by the program than is put into an undefined bit. In the backward sense, more information is demanded of a bit that is used than is demanded of a bit that is unused.

[0072] The domain above associates a value of 0 or 1 with the use of a bit in the continuation of the program: The backward value of a bit is the lowest value (in terms of the concrete lattice) that is sufficient to produce the output required of the computation (according to the standard meaning of the computation). The backward and the forward value of a bit can never be incomparable (as would happen if, say, the forward value were 0 whereas the backward value were 1); for this condition would mean that the continuation of a computation required that the bit have a different value from that assigned to it by the prefix of the computation (according to the standard meanings of the prefix and the continuation). Such nonsensical meanings are ruled out as plainly unrealizable: the continuation of a computation must be given a meaning that is consistent with that given to the prefix in order for us to reason about (and realize) the computation. Consequently the backward value of a bit will always be comparable to (

) the forward value for the same bit.

[0073] Concrete Semantics

[0074] Forward Semantics of Primitive Boolean Functions

[0075] The semantics of the bitwise operators (AND, OR, and NOT) are formulated on individual bits. Since these operators are bitwise, the meaning of AND, OR, and NOT on entire words will follow immediately: the meaning of each bit in the result will be the result of applying the single-bit meaning to the corresponding bits of the inputs. TABLE 1 AND ⊥ 0 1 ⊥ ⊥ 0 ⊥ 0 0 0 0 1 ⊥ 0 1

[0076] TABLE 2 OR ⊥ 0 1 ⊥ ⊥ ⊥ 1 0 ⊥ 0 1 1 1 1 1

[0077] TABLE 3 NOT ⊥ ⊥ 0 1 1 0

[0078] Tables 1, 2, and 3 above correspond exactly to the usual definitions of AND, OR, and NOT, in the case of 0 and 1 inputs. The AND and OR operators, however, produce non-⊥ results given ⊥ as an input, under some circumstances. They are said to be non-strict in that they do not require fully defined inputs in order to produce a fully defined output. This is a matter of definition; that is, they may be defined as producing a ⊥ result whenever presented with ⊥ on either input. The definition above, however, corresponds more precisely to the way they are used in assembly language programming and programming language implementation. For example, a program fragment like this

[0079] struct S {unsigned a:28; unsigned b:4 } x;

[0080] x.a=0x1234567;

[0081] x.b=0x8;

[0082] might be implemented in assembly language by something equivalent to the following:

[0083] unsigned x;

[0084] x=(x & 0xFFFFFFF0)|=(0x1234567<<4);

[0085] x=(x & 0x0000000F)|=0x8;

[0086] The first assignment to x defines the upper 28 bits (field a) and the second assignment defines the lower 4 bits . The intermediate language generated for a bitfield assignment will ordinarily not take into account (and cannot take into account in general) whether the word into which the bitfield is being inserted has been previously initialized to a well-defined value. Thus bitwise operators are employed in their capacity to operate on undefined values. The same holds true for shift operators, which play a similar role in intermediate language (we will consider shift operators shortly).

[0087] The correctness of these definitions comes from the fact that these operators as generally realized in digital circuits do in fact behave as documented in the above tables. The reason is simply that undefined values in ordinary digital circuits are either 0 or 1. The AND or OR circuit never sees, in reality, a physical signal corresponding to ⊥, it sees only 0 or 1; when ⊥ is written it means that it is not known which of these it is, that the program has not defined the bit to be one or the other. If uninitialized values in a computer circuit could correspond to something other than 0 or 1, it might well invalidate our assumptions concerning the behavior of AND, OR, and NOT on undefined values.

[0088] The functions defined by the above tables are noted by AND(a,b), OR(a,b), and NOT(a). For example, AND(0,⊥)=0, because the AND table gives 0 as the result of AND given inputs 0 and ⊥.

[0089] Consider Table 1 for AND above. The sub-table defined by columns and rows labeled 0 or 1 is identical to the familiar 2×2 boolean truth table for AND. The table has been extended to account for the possibility that one or both inputs may be ⊥. The particular extension chosen is monotonic, which is a kind of continuity in a function that says that as an input is raised from an undefined (⊥) value to a fully-defined value (0 or 1), the output of the function either rises or stays the same; in particular the output does not fall or move laterally from 0 to 1 or vice versa. The condition for the monotonicity of AND for example is that:

x

y

AND(x, z)

AND(y, z)∀x,y,z

[0090] It is easily verified that the tables written for AND, OR, and NOT are the maximal monotonic functions that are consistent with the basic 2-valued boolean functions AND, OR, and NOT, in that if any ⊥ in the output of the function were replaced by 0 or 1, the monotonicity of the function would be lost.

[0091] The semantics of complex boolean functions follows immediately from the AND, OR, and NOT tables above, provided that we can express the complex function in terms of AND, OR, and NOT operations. For example the XOR operator:

x⊕y=OR(AND(x, NOT(y)), AND(y, NOT(x)))

[0092] is shown in Table 4, which is derived by simple application of the tables for AND, OR, and NOT to the XOR equation: TABLE 4 XOR ⊥ 0 1 ⊥ ⊥ ⊥ ⊥ 0 ⊥ 0 1 1 ⊥ 1 0

[0093] Backward Semantics of Primitive Boolean Functions

[0094] Consider the assignment

[0095] x=y & z;

[0096] Suppose it is known that x is used in the continuation of this computation and that its value is 0. This demand on x translate into demands on y and z in that y and z must be sufficiently well-defined to cause x to be 0, but they need be no better defined. So y and z are defined so that they cause x to become 0, and nothing further (at least from the point of view of this single program fragment and what is known of the demands placed on x by the continuation). This idea may be captured in tables that are, in effect, the inverses of those given above for AND, OR, and NOT: TABLE 5 AND⁻¹ (input_(f1) input_(f2) output_(b)) input_(b1) input₂ XX⊥ ⊥⊥ 0X0 0⊥ X00 ⊥0 111 11

[0097] TABLE 6 OR⁻¹ (input_(f1) input_(f2) output_(b)) input_(b1) input_(b2) XX⊥ ⊥⊥ 1X1 1⊥ X11 ⊥1 000 00

[0098] TABLE 7 NOT⁻¹ (output_(b)) input_(b) ⊥ ⊥ 0 1 1 0

[0099] Consider Table 5 for AND⁻¹. It maps a pair of forward values for the inputs along with a backward value for the output, to a pair of backward values for the inputs. In other words, they map a demand on the output to a demand on the inputs, given the forward value of the inputs. The Xs in the table represent don't care values; i.e., any of ⊥, 0, or 1 can be substituted for the X. Since we require that the backward semantics be consistent with the forward semantics, the forward values are used for the inputs to the operator to obtain backward values for the input that are comparable to them.

[0100] Table 5 for AND⁻¹ is ambiguous concerning the input 000; this case matches both 0X0 and X00. Either result (0⊥ or ⊥0) is correct; that is, the continuation will obtain the 0 it demands provided that either of the inputs to the AND are 0. Because of this ambiguity, there are in general multiple backward meanings for a program that are consistent with its forward meaning.

[0101] Interestingly, this is also a point where the function is non-monotonic. That is, either 000→⊥0 or 000→0⊥ is chosen, and in either case the choice will cause the function to be non-monotonic. If we choose 000→⊥0 is chosen, then since 0⊥0→0⊥, the situation occurs that a rise in the second argument from ⊥ to 0 causes a fall in the first output bit from 0 to ⊥; and similarly if we choose 000→0⊥ is chosen.

[0102] Note that NOT⁻¹ is defined independently of forward values: the requirements on its input are uniquely determined by its output, and they are necessarily consistent with the forward values for the inputs.

[0103] The syntax AND₁ ⁻¹(x,y,z) represents the first bit returned by AND⁻¹ (i.e., the backward value of the first input), and AND₂ ⁻¹ to represent the second bit returned by AND⁻¹ (i.e., the backward value of the second input). These bits are indicated in Tables 5,6, and 7 as input_(b1) and input_(b2) in the AND⁻¹ table. A similar notation for OR₁ ⁻¹ and OR₂ ⁻¹ is used.

[0104] Backward Semantics of Complex Boolean Functions

[0105] It may be desired to compute the backward semantics of an operator that is a complex expression over AND, OR, NOT, and one-bit variables. For example, consider the X0R operator:

x⊕y=OR(AND(x, NOT(y)), AND(y, NOT(x)))

[0106] Here two one-bit variables, x and y, and an expression over x and y in terms of OR, AND, and NOT exist. Given a backward value for the OR(AND(x, NOT(y)), AND(y, NOT(x))) term as a whole, and forward values for the term and all of its subterms, the inverse operators OR⁻¹, AND⁻¹, and NOT⁻¹ may be applied top-down in order to derive backward values for x and y as well as all the other subterms. If it is assumed that the backward value for the term as a whole is 1, and that x and y have forward values of 0 and 1 respectively. Then the procedure for computing the backward value of each of the subterms is illustrated in the following Table 8: TABLE 8 forward value forward value backward value backward value x⊕y argument 1 argument 2 backward value argument 1 argument 2 OR(AND(x,NOT(y)),AND(y,NOT(x))) 0 1 1 ⊥ 1 AND(x,NOT(y)) 0 0 ⊥ ⊥ ⊥ x ⊥ NOT(y) 1 ⊥ ⊥ y ⊥ AND(y,NOT(x)) 1 1 1 1 1 y 1 NOT(x) 0 1 0 x 0

[0107] The forward values are obtained from the forward semantics for AND, OR, and NOT, given forward values for x and y of 0 and 1 respectively. The initial backward value (1) for the term as a whole is given , and backward values for each of the subterms are derived. Working top-down: first apply OR⁻¹ to the forward values of the subexpressions of the OR and the backward value of the term as a whole. The first subterm of the OR−AND(x,NOT(y))−has a forward value of 0, and the second subterm of the OR−AND(y,NOT(x))−a forward value of 1. Given these three inputs (011), OR⁻¹ is applied to obtain ⊥1 as the backward values of the first and second input respectively. The process continues by descending into the first and second subterms of the OR with the appropriate backward value in hand. The result is that x is encountered twice during the traversal, once within a NOT expression, and once as an argument to AND. Those two occurrences of x are determined by the semantics described as having different backward values. In the rows labeled x in Table 8, one of these rows, the backward value is given as ⊥, while in the other it is 0. Since x represents one and the same bit of input in both cases, the backward value of the variable x must be computed by joining (␣) the backward values for each occurrence of x in the term. In this case the backward value for x in the term as a whole is 0.

[0108] Procedure Invert-expression

[0109] To summarize the above procedure for computing the backward semantics of a boolean function of 1-bit variables: the function is expressed in terms of AND, OR, and NOT, and then, given a backward value for the term as a whole and forward value for each of its inputs, the operators AND⁻¹, OR⁻¹, and NOT⁻¹ are applied to the expression top-down in order to obtain backward values for each of its subterms. The backward value for each occurrence of a variable in the term is joined in order to obtain the backward value for the variable in the term as a whole. This is referred to as procedure invert-expression in the text that follows.

[0110] This procedure may be used to create an inverse in tabular form for a complex operation, like XOR, one row at a time. In this case the results obtained from this procedure are shown in Table 9: TABLE 9 XOR⁻¹ (input_(f1) input_(f2) output_(b)) input_(b1) input_(b2) XX⊥ ⊥⊥ 000 00 011 01 101 10 110 11

[0111] The highlighted row is the one computed above.

[0112] Forward Semantics of Operations on Words

[0113] The semantics presented heretofore are for operations on a single bit. Consider the extension of these semantics to operations on words. A word may be denoted in one of two ways. The individual bit values may be written next to one another, as in 01⊥0 (a 4-bit word). When richer expressions are needed for some of the bits, the bits of the word will be put between angle brackets <>, and separate them by commas, as in <AND(0,1), OR(1,0)>(a 2-bit word).

[0114] All operations on words can be seen as a collection of operations on individual bits, one such operation for each bit in the result word. Taking this view, each of the input words is merely a sequence of bits, and by naming each of the bits within the input words, the case of an operation on words is reduced to operations on individual bits that have already been considered.

[0115] Bitwise Boolean Operators

[0116] In the case of the bitwise operators—AND, OR, NOT—the semantics of an operation on words is simply the single-bit semantics applied bitwise to the inputs. For example, AND(<a,b>,<c,d>)=<AND(a,b), AND(c,d)> gives the formula for AND applied to 2-bit words. The general forms are simply:

[0117] AND(<a_(n),a_(n−1), . . .a₁>, <b_(n),b_(n−1), . . . ,b₁>)=<AND(a_(n),b_(n)),AND(a_(n−1),b_(n−1)), . . . ,AND(a₁,b₁)>

[0118] OR(<a_(n),a_(n−1), . . .a₁>,<b_(n),b_(n−1), . . . ,b₁>)=<OR(a_(n),b_(n)),OR(a⁻¹,b_(n−1)), . . . ,OR(a₁,b₁)>

[0119] NOT(<a_(n),a_(n−1), . . . a₁>)=<NOT(a_(n)),NOT(a_(n−1)), . . . ,NOT(a₁)>

[0120] Shift Operators

[0121] Shift operators simply move bits around within a word, introducing either 0s or copies of the MSB, depending on the kind of shift. All shift operators may be characterized by writing the semantics of a shift by a single bit position:

[0122] LEFT(<a_(n),a_(n−1), . . . ,a₁>)=<a_(n−1),a_(n−2), . . . ,0>

[0123] URIGHT(<a_(n),a_(n) ⁻¹, . . . ,a₁>)=<0,a_(n),a_(n−1), . . . ,a₂>

[0124] SRIGHT(<a_(n),a_(n) ⁻¹, . . . ,a₁>)=<a_(n),a_(n),a_(n−1), . . . ,a₂>

[0125] Here, URIGHT represents a logical (unsigned) right shift, and SRIGHT a signed (arithmetic) right shift, by one bit.

[0126] Other Operators

[0127] The forward semantics of any binary operation on words can be expressed as a word of operations on individual bits. For example, addition on 2-bit integers can be expressed as

ADD(<a,b>, <c,d>)=<a⊕c⊕AND(b,d), b⊕d>

[0128] where

x⊕y=OR(AND(x, NOT(y)), AND(y, NOT(x)))

[0129] Hence in this case we simply have two operations on the bits a, b, c, and d, one operation to produce the LSB of the sum, another to produce the MSB. Note that the bitwise and shift operators on words are simply special cases of an operation on words that can be expressed in terms of AND, OR, NOT over 1-bit variables.

[0130] Backward Semantics of Operations on Words

[0131] Exactly the same reasoning applies in the backward direction; that is, by viewing an operation on words as a sequence of operations on bits, the technique may be applied for computing backward semantics to operations on words.

[0132] Bitwise Boolean Operators

[0133] We can easily extend the inverses AND⁻¹, OR⁻¹, and NOT⁻¹ to operations on words:

[0134] AND⁻¹(<a_(n),a_(n−1), . . . a₁>,<b_(n),b_(n−1), . . . ,b₁>,<c_(n),c_(n−1), . . . ,c₁,>)=(<AND₁ ⁻¹(a_(n),b_(n),c_(n)),AND₁ ⁻¹(a_(n−1),b_(n−1),c_(n−1)), . . . ,AND₁ ⁻¹(a₁,b₁,c₁)>, <AND₂ ⁻¹(a_(n),b_(n),c_(n)),AND₂ ⁻¹(a_(n−1),b_(n−1),c_(n−1)), . . . ,AND₂ ⁻¹(a_(a),b₁,c₁)>)

[0135] OR⁻¹(<a_(n),a_(n−1), . . . a₁>,<b_(n),b_(n−1), . . . ,b₁>,<c_(n),c_(n−1), . . . ,c₁)=(<OR₁ ⁻¹(a_(n),b_(n),c_(n)),OR₁ ⁻¹(a_(n−1),b_(n−1),c_(n−1)), . . . ,OR₁ ⁻¹(a₁,b₁,c₁)>,

[0136] <OR₂ ⁻¹(a_(n),b_(n),c_(n)),OR₂ ⁻¹(a_(n−1),b_(n−1),c_(n−1)), . . . ,OR₂ ⁻¹(a₁,b₁,c₁)>)

[0137] NOT⁻¹(<a_(n),a_(n−1), . . . a₁>)=<NOT⁻¹(a_(n)),NOT⁻¹(a_(n−1)), . . . ,NOT⁻¹(a₁)>

[0138] As in the case of the single-bit versions, here the arguments to AND⁻¹ and OR⁻¹ are the forward values of the inputs and the backward value of the output. The result is two words, one representing the backward value of the first input, the other representing the backward value of the second input. In the case of NOT⁻¹, the result is simply a word representing the backward value of the input.

[0139] Shift Operators

[0140] The backward semantics of shift operators simply transmit the demands on their outputs through to their inputs. For example, it may be written that:

[0141] LEFT⁻¹(<a_(n),a_(n−1), . . . ,a₁>)=<⊥,a_(n),a_(n−1), . . . ,a₂>

[0142] URIGHT⁻¹(<a_(n),a_(n−1), . . . ,a₁>)=<a_(n−1),a_(n−2), . . . ,a₁,⊥>

[0143] SRIGHT⁻¹(<a_(n),a_(n−1), . . . ,a₁>)=<a_(n)␣a_(n−1),a_(n−2), . . . ,a₁,⊥>

[0144] Note that the semantics of SRIGHT⁻¹ reflect the fact that the sign bit is copied by the SRIGHT operator. This is an example of joining the backward values of all occurrences of a variable (the sign bit of the input, in this case) in order to produce the backward value of the variable in an expression in which it occurs more than once

[0145] Other Operators

[0146] Procedure invert-expression given above inverts a complex operation on single bits. This procedure may be applied directly to operations on words, when they are expressed in terms of AND, OR, and NOT (or in terms of other operators whose inverses were derived above, as was done in the case of XOR above). The inverse of an n-ary operation on words is n words of bitwise inverses, one such word for each of the arguments to the operator. Consider the equation for a 2-bit ADD:

ADD(<a,b>, <c,d>)=<XOR(a,XOR(c,AND(b,d))), XOR(b,d)>

[0147] Procedure invert-expression shows how to construct the inverse of an expression on single bits. Each bit in the word produced by ADD is such an expression. These single-bit inverses are functions from three bits (two forward value inputs and one backward value output) to two bits (two backward value inputs). Let us call these inverses F and G here, so that:

[0148] ADD⁻¹(<a,b>, <c,d>, <e,f>)=(<F₁(a_(f),b_(f),e_(b)), G₁(c_(f),d_(f),f_(b))>, <F₂(a_(f),b_(f),e_(b)), G₂(c_(f),d_(f),f_(b))>)

[0149] The notation a_(f) may be used to refer to the forward value of the variable a, and the notation e_(b) to refer to the backward value of variable e. As before, the notation F₁ and F₂ may be used to indicate the function F restricted to one bit of output (first and second bit respectively). The inverse ADD⁻¹ produces two words, one representing the backward value of the word <a,b>, the other representing the backward value of the word <c,d>.

[0150] Abstract Domain

[0151] The abstraction, or systematic approximation, of the above concrete semantics may be considered in order to obtain a semantics that is appropriate for static program analysis.

[0152] The concrete domain exhibited above gives a meaning to one bit within one value that is produced by a computation and consumed by the continuation of that computation. By abstraction of this domain obtains a domain that speaks of the meaning of a bit over several different computations or at different points in a single computation. It is this kind of reasoning—about sets of computations rather than single computations—that is required for static analysis.

[0153] Consider the abstract domain of FIG. 3. The elements of the abstract domain are 0_(A), 1_(A), ⊥_(A), T_(A). Each abstract domain element represents a downward closed subset of the concrete domain. Such an abstract domain is known as a Hoare power domain. If a bit is described by an element of this abstract domain, then its value is one of the concrete domain elements contained in the abstract element. For example, if a bit is described by the abstract value 1_(A), it is known that its value in the concrete domain is either ⊥ or 1. It may be that the bit is undefined on one program execution path and defined to be 1 on a different program path, and that the abstract value 1_(A) has been used to summarize the set of possibilities for the bit over both execution paths. In the backward sense, the abstract value of 1_(A) means that the value is either unused in the continuation or else is used as the value 1. Note that this domain allows us to say when a value is definitely undefined or unused (this situation is represented by ⊥_(A)) but not to say when a value is definitely defined or definitely used: the abstract value 0_(A), for example, includes both the concrete ⊥ and 0 as possibilities.

[0154] Abstract Semantics

[0155] Abstract Forward Semantics of Primitive Boolean Functions TABLE 10 AND ⊥_(A) 0_(A) 1_(A) T_(A) ⊥_(A) ⊥_(A) 0_(A) ⊥_(A) 0_(A) 0_(A) 0_(A) 0_(A) 0_(A) 0_(A) 1_(A) ⊥_(A) 0_(A) 1_(A) T_(A) T_(A) 0_(A) 0_(A) T_(A) T_(A)

[0156] TABLE 11 OR ⊥_(A) 0_(A) 1_(A) T_(A) ⊥_(A) ⊥_(A) ⊥_(A) 1_(A) 1_(A) 0_(A) ⊥_(A) 0_(A) 1_(A) T_(A) 1_(A) 1_(A) 1_(A) 1_(A) 1_(A) T_(A) 1_(A) T_(A) 1_(A) T_(A)

[0157] TABLE 12 NOT ⊥_(A) ⊥_(A) 0_(A) 1_(A) 1_(A) 0_(A) T_(A) T_(A)

[0158] Tables 10, 11 and 12 illustrate the AND, or, and NOT functions over the abstract domain of FIG. 3. When it is not clear from the context whether reference is made to AND in the concrete domain or AND in the abstract domain, AND_(abstract) or AND_(concrete) will be written.

[0159] Some of the entries in the table above may be surprising at first glance; AND(⊥_(A),T_(A))=0_(A), for example. Each entry has been derived by joining the concrete cases it represents. The formula for AND in the abstract domain is for example:

AND_(abstract)(x, y)=␣{Abs(AND_(concrete)(a, b))|aεx, bεy}

[0160] The function Abs is simply the obvious injection of the concrete domain into the abstract domain: ⊥→⊥_(A), 0→0_(A), 1→1_(A). In other words, each concrete domain element is mapped to the least abstract domain element that contains it.

[0161] In the case of AND(⊥_(A),T_(A)), the above equation resolves to

AND(⊥,⊥)␣AND(⊥,0)␣AND(⊥,1)=⊥_(A)␣0_(A)␣⊥_(A)=0_(A)

[0162] The Abs notation has been omitted since it is known by one of ordinary skill in the art.

[0163] Abstract Backward Semantics of Primitive Boolean Functions

[0164] The inverses of AND, OR, and NOT may be derived over the abstract domains from their concrete counterparts in exactly the same way as AND, OR, and NOT over the abstract domain, namely by joining all the concrete cases represented by each abstract case. Tables 13, 14, and 15 result are as follows: TABLE 13 AND⁻¹ (input_(f1) input_(f2) output_(b)) input_(b1) input _(b2) XX⊥_(A) ⊥_(A)⊥_(A) 0_(A)⊥_(A)0_(A) 0_(A)⊥_(A) 0_(A)1_(A)0_(A) 0_(A)⊥_(A) ⊥_(A)0_(A)0_(A) ⊥_(A)0_(A) 1_(A)0_(A)0_(A) ⊥_(A)0_(A) 0_(A)0_(A)0_(A) 0_(A)0_(A) 0_(A)T_(A)0_(A) 0_(A)0_(A) T_(A)0_(A)0_(A) 0_(A)0_(A) 1_(A)1_(A)1_(A) 1_(A)1_(A) 1_(A)T_(A)1_(A) 1_(A)1_(A) T_(A)1_(A)1_(A) 1_(A)1_(A) T_(A)T_(A)1_(A) 1_(A)1_(A) 1_(A)T_(A)T_(A) 1_(A)T_(A) T_(A)1_(A)T_(A) T_(A)1_(A) T_(A)T_(A)T_(A) T_(A)T_(A)

[0165] TABLE 14 OR⁻¹ (input_(f1) input_(f2) output_(b)) input_(b1) input_(b2) XX⊥_(A) ⊥_(A)⊥_(A) 1_(A)⊥_(A)1_(A) 1_(A)⊥_(A) 1_(A)0_(A)1_(A) 1_(A)⊥_(A) ⊥_(A)1_(A)1_(A) ⊥_(A)1_(A) 0_(A)1_(A)1_(A) ⊥_(A)1_(A) 1_(A)1_(A)1_(A) 1_(A)1_(A) 1_(A)T_(A)1_(A) 1_(A)1_(A) T_(A)1_(A)1_(A) 1_(A)1_(A) 0_(A)0_(A)0_(A) 0_(A)0_(A) 0_(A)T_(A)0_(A) 0_(A)0_(A) T_(A)0_(A)0_(A) 0_(A)0_(A) T_(A)T_(A)0_(A) 0_(A)0_(A) 0_(A)T_(A)T_(A) 0_(A)T_(A) T_(A)0_(A)T_(A) T_(A)0_(A) T_(A)T_(A)T_(A) T_(A)T_(A)

[0166] TABLE 15 NOT⁻¹ (output_(b)) input_(b) ⊥_(A) ⊥_(A) 0_(A) 1_(A) 1_(A) 0_(A) T_(A) T_(A)

[0167] Given that backward values are consistent with (not higher than) the corresponding forward values, so these tables omit those cases in which output_(b) is higher than the output_(f) that would be produced by AND, OR, or NOT from the values of input_(f1) and input_(f2).

[0168] These tables are weaker than their concrete counterparts in two important cases: AND⁻¹(000), and OR⁻¹(111). In the concrete case, when an AND produces a zero, one of the inputs to the AND can be given a backward value of ⊥; the remaining input can provide the 0 that is necessary to cause an output of 0. In the abstract case, however, a 0_(A) represents both a fully-defined 0 and ⊥. The case of AND⁻¹(0_(A)0_(A)0_(A)) therefore includes both the concrete cases of AND⁻¹(0⊥0) and AND⁻¹(⊥00). Therefore, it is not known which of the inputs may be given a backwards value of ⊥_(A). The case of OR⁻¹(1_(A)1_(A)1_(A)) is analogous. Recall that these two cases were those, which caused AND⁻¹ and OR⁻¹ over the concrete domain to be non-monotonic. Their abstract counterparts are monotonic, which has the advantage that it guarantees the convergence of the program analysis that is based on them.

[0169] To be able to assert a backward value of ⊥ provides important information that it is worth additional effort. The case of an AND operation in which one of the operands is an immediate constant (an expression like x & 0xFFFF0000 in a C program), shows that the immediate constant provides a concrete value of 0 or 1 and not an abstract value of 0_(A) or 1_(A). Tables 16 and Table 17 result when these AND-with-immediate and OR-with-immediate operations are inverted: TABLE 16 AND_(k) ⁻¹ 0 (immediate) 1 (immediate) ⊥_(A) ⊥_(A) ⊥_(A) 0_(A) ⊥_(A) 0_(A) 1_(A) ⊥_(A) 1_(A) T_(A) ⊥_(A) T_(A)

[0170] TABLE 17 OR_(k) ⁻¹ 0 (immediate) 1 (immediate) ⊥_(A) ⊥_(A) ⊥_(A) 0_(A) 0_(A) ⊥_(A) 1_(A) 1_(A) ⊥_(A) T_(A) T_(A) ⊥_(A)

[0171] The horizontal axis corresponds to the immediate (constant) input to the AND or OR, and the vertical axis corresponds to the result (output) from the AND or OR. The values within the table are the backward value of the varying input to the AND or OR. As can be seen, AND_(k) ⁻¹ in this case produces a backwards value of ⊥ whenever its immediate input is 0, and OR_(k) ⁻¹ produces a backwards value of ⊥ when its immediate input is 1. By considering the immediate 0 and 1 as concrete values, and working through the concrete values represented by each of the abstract output values, the table will be seen to follow directly from the concrete inverses for AND⁻¹ and OR⁻¹. Note that AND_(k) ⁻¹ and OR_(k) ⁻¹ are monotonic (for the reason that ⊥ is not a possibility for the immediate input).

[0172] Abstract Forward Semantics of Complex Boolean Functions

[0173] The observations we made concerning forward semantics of complex functions of 1-bit variables in the concrete domain hold, mutatis mutandis, in the abstract domain. Namely, the forward abstract semantics of such a function follows from the abstract semantics of AND, OR, and NOT applied to the expression of the function in terms of these primitive boolean operations. For example, the abstract semantics of the XOR operator

x⊕y=OR(AND(x, NOT(y)), AND(y, NOT(x)))

[0174] results with Table 18, which can be derived by application of the tables for AND, OR, and NOT in the abstract domain to the XOR equation: TABLE 18 XOR ⊥_(A) 0_(A) 1_(A) T_(A) ⊥_(A) ⊥_(A) ⊥_(A) ⊥_(A) ⊥_(A) 0_(A) ⊥_(A) 0_(A) 1_(A) T_(A) 1_(A) ⊥_(A) 1_(A) 0_(A) T_(A) T_(A) ⊥_(A) T_(A) T_(A) T_(A)

[0175] There is however a second route possible in computing the abstract semantics of a complex function: one may first compute its concrete semantics, and inject the result into the abstract domain. In the case of XOR we would write

XOR_(abstract)(x,y)=LI {XOR_(concrete)(a,b)|aεx, bεy}

[0176] where XOR_(concrete) is the concrete forward semantics for XOR. It can be shown that the same result is obtained regardless of the route taken; this is due to the fact that our abstract domain is a distributive lattice, and that AND, OR, and NOT are monotonic functions over this lattice (and hence, functions that are compositions of AND, OR, and NOT are likewise monotonic).

[0177] Abstract Backward Semantics of Complex Boolean Functions

[0178] The abstract backward semantics of complex one bit operations can likewise be obtained by the procedure outlined for the computation of backward values for complex operations in the concrete domain (see the derivation of the table for XOR⁻¹ above). The operation is expressed under consideration in terms of AND, OR, and NOT, and then, given a backward value for the term as a whole and forward values for each of its inputs. The abstract operators AND⁻¹, OR⁻¹, and NOT⁻¹ are applied to the expression top-down in order to obtain backward values for each of the subterms. The backward value for each occurrence of a variable in the term is joined together in order to obtain the backward value for the variable in the term as a whole.

[0179] As in the case of the forward semantics of such operations, there is a second route possible for deriving the abstract backward semantics, namely, by computing the concrete backward semantics, and injecting this concrete semantic into the abstract domain. In the case of the forward abstract semantics, these routes result in the same abstract semantics; but in the backward case this is not so, because of the non-monotonicity of AND⁻¹ and OR⁻¹. Consider this expression:

OR(AND(a, AND(b, NOT(b))), b)

[0180] If a concrete AND⁻¹ is used that maps 000 to ⊥0, then the concrete backward semantics for this expression will assign a backward value of ⊥ to a (for all backward values for the expression as a whole and for all forward values for a and b). The abstraction of this concrete backward semantic will likewise assign a backward value of ⊥_(A) to a. If the backward semantics are constructed for this expression by working in the abstract domain (beginning with an abstract value for the expression as a whole and abstract forward values for a and b, and applying AND⁻¹, OR⁻¹, and NOT⁻¹ in the abstract domain to derive abstract backward values for each subterm), a is given a backward abstract value of 0_(A). The reason, as indicated earlier, is that AND⁻¹ in the abstract domain is weaker than its concrete counterpart, at exactly the point where the concrete AND⁻¹ is non-monotonic. Note that either route gives a correct result, and the top-down compositional procedure is the basis for a practical method when backward values need be computed from a single-tuple of forward values and a backward value for the term as a whole. But to compute the inverse in the concrete domain and afterwards inject the result into the abstract domain will in general give a more accurate result. In this particular example, if the term AND(b, NOT(b)) is simplified to an immediate 0, then we could apply AND_(k) ⁻¹ and not AND⁻¹, and the result would be that the two routes to a backward semantics would yield identical results.

[0181] Abstract Semantics of Operations on Words

[0182] The extension of the abstract semantics from a single bit to a word mirrors the concrete case exactly. In particular, the following formulas are identical in the concrete and abstract cases:

[0183] AND(<a_(n),a_(n−1), . . . a₁>,<b_(n),b_(n−1), . . . ,b₁>)=<AND(a_(n),b_(n)),AND(a_(n−1),b_(n−1)), . . . ,AND(a₁,b₁)>

[0184] OR(<a_(n),a_(n−1), . . . a₁>,<b_(n),b_(n−1), . . . ,b₁>)=<OR(a_(n),b_(n)),OR(a_(n−1),b_(n−1)), . . . ,OR(a₁,b₁)>

[0185] NOT(<a_(n),a_(n−1), . . . a₁>)=<NOT(a_(n)),NOT(a_(n−1)), . . . ,NOT(a₁)>

[0186] LEFT(<a_(n),a_(n−1), . . . ,a₁>)=<a_(n−1),a_(n−2), . . . , 0_(A)>

[0187] URIGHT(<a_(n),a_(n−1), . . . ,a₁>)=<0_(A),a_(n),a_(n−1), . . . ,a₂>

[0188] SRIGHT(<a_(n),a_(n−1), . . . ,a₁>)=<a_(n),a_(a),a_(n−1), . . . ,a₂>

[0189] Likewise for the backward abstract semantics:

[0190] AND⁻¹(<a_(n),a_(n−1), . . . a₁>,<b_(n),b_(n−1), . . . ,b₁>, <c_(n),c_(n−1), . . . ,c₁>)=(<AND₁ ⁻¹(a_(n),b_(n),c_(n)),AND₁ ⁻¹(a_(n−1),b_(n−1),c_(n−1)), . . . ,AND₁ ⁻¹(a₁,b₁,c₁)>,

[0191] <AND₂ ¹(a_(n),b_(n),c_(n)),AND₂ ⁻¹(a_(n−1),b_(n−1),c_(n−1)), . . . ,AND₂ ⁻¹(a₁,b₁,c₁)>)

[0192] OR⁻¹(<a_(n),a_(n−1), . . . a₁>,<b_(n),b_(n−1), . . . ,b₁>, <c_(n),c_(n−1), . . . ,c₁>)=(<OR₁ ⁻¹(a_(n),b_(n),c_(n)),OR₁ ⁻¹(a_(n−1),b_(n−1),c_(n−1)), . . . ,OR₁ ⁻¹(a₁,b₁,c₁)>,

[0193] <OR₂ ⁻¹(a_(n),b_(n),c_(n)),OR₂ ⁻¹(a_(n−1),b_(n−1),c_(n−1)), . . . ,OR₂ ⁻¹(a₁,b₁,c₁)>)

[0194] NOT⁻¹(<a_(n),a_(n−1), . . . a₁>)=<NOT⁻¹(a_(n)),NOT⁻¹(a_(n−1)), . . . ,NOT⁻¹(a₁)>

[0195] LEFT⁻¹(<a_(n),a_(n−1), . . . ,a₁>)=<⊥_(A),a_(n),a_(n−1), . . . ,a₂>

[0196] URIGHT⁻¹(<a_(n),a_(n−1), . . . ,a₁>)=<,a_(n−1)a⁻², . . . ,a₁, ⊥_(A)>

[0197] SRIGHT⁻¹(<a_(n),a_(n−1), . . . ,a₁>)=<a_(n)␣a_(n−1),a_(n−2), . . . ,a₁, ⊥_(A)>

[0198] As mentioned, above the abstract backward semantics obtained by first computing the concrete backward semantics using procedure “invert-expression” and projecting the result into the abstract domain may be more accurate than the abstract backward semantics obtained by direct application of procedure invert-expression in the abstract domain; but the latter is sometimes a more practical technique, because it can be applied to a single-tuple of abstract values, for example, during program analysis, in cases where it might be impractical to compute the concrete backward semantics for an operation. This observation applies to operations on words as well as to operations on single bits.

[0199] Analysis Method

[0200] The abstract forward and backward semantics, such as A_(f) 242 and A_(f) 241 may be rendered directly as a program analysis method for the purpose of bit-level constant propagation. The input to the method is a program represented in an intermediate language. The syntax for the intermediate language used to illustrate the method is given below. The result of the method is a map from aliases to abstract values. Abstract values are a simple representation of words whose bits belong to the abstract domain, such as domain 300 of FIG. 3 defined above. The term alias is defined below.

[0201] Representing Abstract Values

[0202] An element of the abstract domain 300 may be represented using two bits, there being four elements in the domain. By choosing the meaning of the bits carefully, however, the common operations on words may be made efficient. By designating the two bits as Z and O, and considering the following encoding of Table 19: TABLE 19 abstract Z 0 value 0 0 ⊥_(A) 0 1 0_(A) 1 0 1_(A) 1 1 T_(A)

[0203] In this representation, bit Z represents the “zero-ness” of a bit, and O represents the “one-ness” of the bit. A bit that has neither zero-ness nor one-ness is ⊥_(A); a bit that has both is T_(A).

[0204] Let AbstractValue be a structure with two integer members, called ZERO and ONE. For our purposes it is immaterial whether ZERO and ONE are signed or unsigned integers; because explicitly signed or unsigned operations will be used upon them where the distinction matters. An AbstractValue represents a single word W in the program being analyzed. The l^(th) bit in W is represented by the l^(th) bit of ZERO and the l^(th) bit of ONE; these two corresponding bits from ZERO and ONE make up the <Z,O> pair that describes the l^(th) bit of W. ZERO and ONE have the same number of bits as W.

[0205] As an example, suppose that W has 4 bits, and there is one execution path on which W has the (concrete) value 0⊥01 and another on which it has the value 0⊥11. Then the abstract value of W is (at least) 0_(A)⊥_(A)T_(A)1_(A). This abstract value will be represented as an AbstractValue structure whose ZERO member is 1010 and whose ONE member is 0011. The two is within the ZERO member indicate that three of W s bits can be 0, and the two 1s within the ONE member indicate that two of W s bits can be 1. The ZERO and ONE members together form four <Z,O> pairs, each describing a single bit of W: <1,0>, <0,0>, <1,1>, and <0,1> respectively. Referring to the Z/O table above if may be seen that these pairs correspond to the abstract values ⊥_(A), ⊥_(A), T_(A), and 1_(A) respectively.

[0206] If V is an AbstractValue then V.ZERO and V.ONE may be written to refer to the members of V. AbstractValue(A,B) may be written to indicate the construction of an AbstractValue whose ZERO member is A and whose ONE member is B. INT is used to denote the type of ZERO and ONE in the pseudocode below.

[0207] This choice of representation for words in the abstract domain means that the basic operations on abstract values may be efficiently implemented. The procedures for ␣(JOIN), ·(MEET),

(LE), AND, OR, NOT, LEFT, SRIGHT, and URIGHT on the AbstractValue type are as follows:

[0208] AbstractValue JOIN(AbstractValue V1, AbstractValue V2)

[0209] {

[0210] return AbstractValue(V1.ZERO|V2.ZERO, O1.ONE|02.0NE)

[0211] }

[0212] AbstractValue MEET(AbstractValue V1, AbstractValue V2)

[0213] {

[0214] return AbstractValue(V1.ZERO & V2.ZERO, O1.ONE & O2.0NE)

[0215] }

[0216] bool LE(AbstractValue V1, AbstractValue V2)

[0217] {

[0218] return (V1.ZERO|V2.ZERO)==V2.ZERO && (V1.ONE|V2.0NE)==

[0219] V2.0NE

[0220] }

[0221] AbstractValue And(AbstractValue V1, AbstractValue V2)

[0222] {

[0223] return AbstractValue(V1.ZERO|V2.ZERO, O1.ONE & O2.0NE)

[0224] }

[0225] AbstractValue Or(AbstractValue V1, AbstractValue V2)

[0226] {

[0227] return AbstractValue(V1.ZERO & V2.ZERO, O1.ONE|O2.0NE)

[0228] }

[0229] AbstractValue Not(AbstractValue V1)

[0230] {

[0231] return AbstractValue(V1.ONE, V1.ZERO)

[0232] }

[0233] AbstractValue Left(AbstractValue V1)

[0234] {

[0235] return AbstractValue(˜(˜V1.ZERO<<1), V1.ONE<<1)

[0236] }

[0237] AbstractValue SRight(Abstractvalue V1)

[0238] {

[0239] return AbstractValue(˜(˜V1.ZERO>>>1), V1.ONE>>>1)

[0240] }

[0241] AbstractValue URight(Abstractvalue V1)

[0242] {

[0243] return AbstractValue(˜(˜V1.ZERO>>1), V1.ONE>>1)

[0244] }

[0245] The syntax >>> is written to indicate an arithmetic right shift (shift with sign-extension), and >> to indicate a logical right shift (shift with zero-extension). It is easy to verify that these functions implement exactly the abstract semantics of AND, OR, NOT, LEFT, SRIGHT, and URIGHT presented earlier.

[0246] If the program analyzed uses more than one word size, more than one AbstractValue type may be needed, one for each word size, or else a single AbstractValue type with bits enough for the largest word size being analyzed, along with additional logic in the operations on AbstractValues to send the excess bits to ⊥ or to otherwise be ignored.

[0247] void And_inv(AbstractValue B, AbstractValue& V1, AbstractValue& V2)

[0248] {

[0249] V1.ONE=V2.0NE=(V1.ONE & V2.0NE)

[0250] V1.ZERO &=B.ZERO

[0251] V1.0NE &=B.ONE

[0252] V2.ZERO &=B.ZERO

[0253] V2.0NE &=B.ONE

[0254] }

[0255] void Or_inv(AbstractValue B, AbstractValue& V1, AbstractValue& V2)

[0256] {

[0257] V1.ZERO=V2.ZERO=(V1.ZERO & V2.ZERO)

[0258] V1.ZERO &=B.ZERO

[0259] V1.ONE &=B.ONE

[0260] V2.ZERO &=B.ZERO

[0261] V2.ONE &=B.ONE

[0262] }

[0263] void Not_inv(AbstractValue B, AbstractValue& V1)

[0264] {

[0265] V1.ZERO &=B.ONE

[0266] V1.ONE &=B.ZERO

[0267] }

[0268] void Left_inv(AbstractValue B, AbstractValue& V1)

[0269] {

[0270] V1.ZERO &=B.ZERO>>1

[0271] V1.ONE &=B.ONE>>1

[0272] }

[0273] void SRight_inv(AbstractValue B, AbstractValue& V1)

[0274] {

[0275] V1.ZERO &=(B.ZERO<<1)|SignBitOnly(B.ZERO)

[0276] V1.ONE &=(B.ONE<<1)|SignBitOnly(B.ONE)

[0277] }

[0278] void URight_inv(AbstractValue B, AbstractValue& V1)

[0279] {

[0280] V1.ZERO &=B.ZERO<<1

[0281] V1.ONE &=B.ONE<<1

[0282] }

[0283] INT SignBitOnly(INT X)

[0284] {

[0285] int N=sizeof(X)*CHAR_BIT

[0286] return X>>(N−1)<<(N−1)

[0287] }

[0288] An Example Intermediate Language

[0289] The intermediate language contains two operations for operating on the state of the computer: a GET expression for reading from memory or registers, and a PUT expression for writing to memory or registers. It is assumed that all operations on the state are performed using these operations; that is, none of the other operations in the language have implicit side-effects on the state, at least not on the state that is subject to analysis by this method. Every PUT and GET in the program is assumed to have associated with it an alias, such that if two GETs or PUTs have different aliases, then there is no execution of the program under which those GETs and PUTs access the same storage location (memory address or register). Aliases are therefore an equivalence relation on the GETs and PUTs of the program such that all potentially dependent GETs and PUTs are assigned the same alias. In the case of a compiler temporary variable, virtual register, or other storage location that is accessed simply and transparently by the program, the GETs and PUTs that access that temporary variable or virtual register will have the same alias, and no other PUTs and GETs in the program will have the same alias. Any alias analysis method that partitions the memory accesses of the program into equivalence classes according to potential dependence is adequate for the purpose of computing a correct set of aliases from the program; of course a sharper alias analysis method will yield a more precise result from the bitwise constant propagation method.

[0290] The representation of control flow in the intermediate language is irrelevant to the method, as the method is flow-insensitive.

[0291] For purposes of exposition, it is assumed that the statements of the intermediate language have the following syntax:

[0292] S: (PUT AE)

[0293] E: (INTEGER [T] Z)

[0294] |(BITAND EE)

[0295] |(BITOR EE)

[0296] |(BITNOT E)

[0297] |(LEFT E E)

[0298] |(SRIGHT E E)

[0299] |(URIGHT E E)

[0300] |(OP E E)

[0301] |(GET [T] A)

[0302] A: alias

[0303] Z: integer

[0304] T: integer (number of bits)

[0305] The expressions of this language are typed by their size in bits. A type is written as [T], where T is the number of bits. For example, [10] denotes a 10-bit type. The atomic forms—INTEGER and GET—include a type specifier, whereas the remaining, compound forms have an implicit type which can be deduced from the types of their subexpressions.

[0306] (PUT A E): This is the (abstract) form of a statement that writes to a storage location (memory or register). The expression E gives the value which is written to the location. A is an alias. The aliases must have the property that, given two GET or PUT expressions X1 and X2 whose aliases are different, there must be no execution of the program such that X1 and X2 access the same storage location.

[0307] In reality, an assignment to memory must include an expression for the address that is written, and an assignment to a register must include a specification of the register that is written; these are absent from our PUT expression, which has only an expression E for the value which is written to the memory location or register. This is because the information required by the method concerning the storage location affected by the PUT is summarized in the alias A associated with the PUT. A PUT expression yields no value; it is as though its type were [0].

[0308] (INTEGER [T] Z): This is the expression for an integer constant of T bits. Z is an integer that gives the value of the constant. For example, (integer [10] 17) is a 10-bit integer whose value is 17, or 0000010001 in binary.

[0309] (BITAND E E): This expression returns the bitwise AND of its two arguments. The types of the two arguments must be equal and the type of the result is that of the arguments.

[0310] (BITOR E E): This expression returns the bitwise OR of its arguments.

[0311] (BITNOT E): This expression returns the bitwise complement of its argument. The type of the result is the type of the argument.

[0312] (LEFT E): This expression returns the result of shifting its argument left by 1 bit. The vacated bit position is zero-filled.

[0313] (SRIGHT E): This expression returns the result of shifting its argument right by the 1 bit. The vacated bit position is filled with a copy of the most significant bit of the argument.

[0314] (URIGHT E E): This expression returns the result of shifting its argument right by the 1 bit. The vacated bit position is zero-filled.

[0315] (GET [T] A): This is the (abstract) form of an operation that reads from the state of the computer.

[0316] The method will first be described in terms of the foregoing primitive constructs, and afterwards discuss other operations and syntactic forms and how the method is applied to them.

[0317] A Method for Optimizing an Implementation of a Programming Language

[0318] According to one embodiment, FIG. 5 illustrates a flow diagram of a method 500 for optimizing an implementation of a programming language. The implementation of a programming language that is optimized may be an assembly language compiler, C compiler, C++ compiler, Computer Aided Design compiler or similar compilation mechanism. With compilers such as these, one or more values are generally computed by a program written in the programming language. The process begins at start block 501. At processing block 505, each bit of the program is analyzed separately including representing each bit within a value of the one or more values as an abstract element of a lattice having a set of abstract elements including 0_(A), 1_(A), ⊥_(A) and T_(A). The lattice is an abstraction of a concrete domain containing 0, 1, and ⊥. In one embodiment, the analysis of each bit occurs concurrently or in parallel, wherein another embodiment, a batch analysis of bits is performed, but still on a bit-by-bit basis. Flow continues to processing block 510 where the process analyzes the requirements of the inputs of the compiler including analyzing the input bits that are input to an operation in terms of the output bits that are produced by the operation. For example, the inputs may be defined (either 0 or 1) or the inputs may be undefined (⊥). In addition, in the concrete domain, the operation performed on the inputs may be boolean functions such as AND, OR, and NOT, or complex boolean functions.

[0319] At processing block 515, a forward abstract semantic is applied to the inputs. The forward abstract semantic is associated with the forward concrete semantic (boolean operation), to provide an abstract result from the concrete inputs. The abstract result is an approximation of a more exact meaning that is generally computed by a compiler. For example, if the exact meaning is a floating point number, the result could be the exact meaning rounded up to the nearest integer. Flow continues to processing block 525 where the resulting value is analyzed for each forward abstract semantic performed on the inputs, including analyzing one or more output bits that are produced by an operation in terms of one or more input bits that are input to the operation. Knowing what forward abstract semantic was applied to the inputs, the method determines if an alternate set of inputs may be used to generate the same exact result value. Thus, alternate input values are generated.

[0320] In processing block 530, the resulting abstract value is represented on an abstract lattice having the elements 0_(A), 1_(A), ⊥_(A) and T_(A). The abstract lattice is an abstraction of a concrete domain having the elements 0, 1, and ⊥. A backward abstract semantic is applied at processing block 540. The backward semantic is an approximation of a backward concrete semantic including AND⁻¹, OR⁻¹, and NOT⁻¹ (or other complex boolean backward semantics). The result of the abstract backward semantic is a set of inputs that may be different than the original inputs, but that will provide the same result.

[0321] Flow continues to processing block 545 where the inputs are analyzed to determine if they are partially constant values (as described above). At processing block 550, the compilation is optimized. For example, inputs that do not contribute to the result can be discarded. The process ends at block 599.

[0322] In an alternate embodiment, the method proceeds in two phases. In the first phase, a bipartite graph G is built over the aliases and PUT statements of the program. This graph expresses the flow of values between statements of the program. G is a kind of dependence flow graph. This graph can be either intraprocedural or interprocedural in scope, and the method operates intraprocedurally or interprocedurally accordingly.

[0323] In the second phase, the method maintains a set of nodes of G which are ready for processing. It then repeatedly removes and processes nodes from this set until the set is empty. If a processed node is a PUT statement, it evaluates the statement (by symbolically executing it), updates the abstract value associated with an alias of the PUT, and adds the alias to the working set if the updated value for the alias has changed. If the processed node is an alias, the method simply adds its successors in G to the set for evaluation.

[0324] Bitwise Constant Propogation Method

[0325] Let S be the number of PUT statements in the program. Let A be the number of aliases associated with the GETs and PUTs of the program. Let N=S+A. Let G be a graph on N nodes (with no edges initially), and let there be a one-to-one correspondence between the nodes of G and the PUT statements and aliases of the program. Let Q be a set of nodes of G, initially empty.

[0326] AbstractValue ForwardValue [A];

[0327] AbstractValue BackwardValue [A];

[0328] Phase 1

[0329] For each alias M:

[0330] add an edge to G from the node corresponding to each PUT statement whose alias is M to the node corresponding to M

[0331] add an edge to G from the node corresponding to M to the node corresponding to each PUT statement that contains a GET whose alias is M

[0332] Phase 2

[0333] For each alias M:

[0334] ForwardValue[M]=InitialForwardValue(M)

[0335] Add the node corresponding to M to Q.

[0336] While Q is nonempty, do:

[0337] Let n be an element of Q. Remove n from Q.

[0338] If n corresponds to an alias, add the successors of n in G to Q.

[0339] If n corresponds to a statement of the form (PUT A E1), do:

[0340] let V=Eval_forward(E1)

[0341] if not(LE(V, ForwardValue[A])) then

[0342] ForwardValue[A]=JOlN(ForwardValue[A], V)

[0343] Add A to Q

[0344] Phase 3

[0345] For each alias M:

[0346] BackwardValue[M]=InitialBackwardValue(M)

[0347] Add the nodes corresponding to M to Q.

[0348] While Q is nonempty, do:

[0349] Let n be an element of Q. Remove n from Q.

[0350] If n corresponds to an alias, add the predecessors of n in G to Q.

[0351] If n corresponds to a statement of the form (PUT A E1), do:

[0352] let V=BackwardValue[A]

[0353] Eval_backward(E1, V)

[0354] end Bitwise Constant Propogation Method

[0355] The ForwardValue for each alias M is set to InitialForwardValue(M) at the outset of phase 2. The InitialForwardValue for an alias must reflect the initial state of memory for that alias and/or assignments to the alias that occur outside of and prior to the program text under analysis. For example, if the alias represents a memory location(s) that may be initialized statically, the InitialForwardValue for that alias must be high enough to represent the value of the static initializers. Similarly, the BackwardValue for each alias M is set to InitialBackwardValue(M) at the outset of phase 3. InitialBackwardValue for an alias must reflect any final uses for the alias, i.e., references that occur outside of and following the program text under analysis. For example, if an alias represents a global variable that may be read after execution of the program fragment being analyzed, then InitialBackwardValue for that alias must be high enough to represent the demand imposed by the use.

[0356] AbstractValue Eval_forward (Expression E) { case E of (BITAND E1 E2): return BitAnd(Eval_forward(E1), Eval_forward(E2)) (BITOR E1 E2): return BitOr(Eval_forward(E1), Eval_forward(E2)) (BITNOT E1): return BitNot(Eval_forward(E1)) (LEFT E1 E2): return Left(Eval_forward(E1), Eval_forward(E2)) (SRIGHT E1 E2): return SRight(Eval_forward(E1), Eval_forward(E2)) (URIGHT E1 E2): return URight(Eval_forward(E1), Eval_forward(E2)) (GET [T] A): return ForwardValue[A] }

[0357] void Eval_backward(Expression E, AbstractValue F) { AbstractValue V1, V2 case E of (BITAND E1 E2): V1 = Eval_Forward(E1) V2 = Eval_Forward(E2) BitAnd_inv(F, V1, V2) Eval_Backward(E1, V1) Eval_Backward(E2, V2) (BITOR E1 E2): V1 = Eval_Forward(E1) V2 = Eval_Forward(E2) BitOr_inv(F, V1, V2) Eval_Backward(E1, V1) Eval_Backward(E2, V2) (BITNOT E1): V1 = Eval_Forward(E1) BitNot_inv(F, V1) Eval_Backward(E1, V1) (LEFT E1 E2): V1 = Eval_Forward(E1) Left_inv(F, V1) Eval_Backward(E1, V1) (SRIGHT E1 E2): V1 = Eval_Forward(E1) SRight_inv(F, V1) Eval_Backward(E1, V1) (URIGHT E1 E2): V1 = Eval_Forward(E1) URight_inv(F, V1) Eval_Backward(E1, V1) (GET [T] A): if not(LE(F, Backward Value[A])) then Backward Value[A] = JOIN(BackwardValue[A], F) Add A to Q }

[0358] Note that the size of G (nodes+edges) is linear in the program text size. This follows from the fact that number of aliases in the program is less than the combined number of GETs and PUTs in the program, and hence the number of nodes in the graph is fewer than the number of GETs plus twice the number of PUTs in the program. The number of edges in G is no greater than the number of GETs plus the number of PUTs in the program.

EXAMPLE

[0359] Consider the following program in a C-like notation:

[0360] extern unsigned a, b, c, d, e, f;

[0361] static unsigned v, w, x, y, z;

[0362] v=a;

[0363] w=(v & 0xFFF0)|(b & 0x000F);

[0364] x=(w & 0xFF0F)|(c & 0x00F0);

[0365] y=(x & 0xF0FF)|(d & 0x0F00);

[0366] z=(y & 0x0FFF)|(e & 0xF000);

[0367] f=z;

[0368] Variables a through f are external, and are assigned initial forward and backward values of top (T_(A)T_(A). . . T_(A)) to represent their initial definitions and final uses. Variables v through z are static (local), and we will assign them initial forward and backward values are assigned of bottom (⊥_(A)⊥_(A) . . . ⊥_(A)). This program is translated into statements in our intermediate language as follows:

[0369] (PUT v (GET [16] a))

[0370] (PUT w (BITOR (BITAND (GET [16] v) (INTEGER [16] 0xFFF0))

[0371] (BITAND (GET [16] b) (INTEGER [16]0x000F))))

[0372] (PUT x (BITOR (BITAND (GET [16] w) (INTEGER [16] 0xFF0F))

[0373] (BITAND (GET [16] c) (INTEGER [16] 0x00F0))))

[0374] (PUT y (BITOR (BITAND (GET [16] x) (INTEGER [16] 0xF0FF))

[0375] (BITAND (GET [16] d) (INTEGER [16] 0x0F00))))

[0376] (PUT z (BITOR (BITAND (GET [16] y) (INTEGER [16] 0x0FFF))

[0377] (BITAND (GET [16] e) (INTEGER [16] 0xF000))))

[0378] (PUT f (get [16] z))

[0379] The variable names themselves, are used as aliases, since there are no interesting alias relations in this program.

[0380] Bitwise Constant Propogation Method computes a ForwardValue of all top bits (T_(A)T_(A)T_(A)T_(A) T_(A)T_(A)T_(A)T_(A) T_(A)T_(A)T_(A)T_(A) T_(A)T_(A)T_(A)T_(A)) for all 11 of the aliases in the program. It computes the following BackwardValue array:

[0381] BackwardValue[a]=T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)

[0382] BackwardValue[b]=T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)

[0383] BackwardValue[c]=T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)

[0384] BackwardValue[d]=T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)

[0385] BackwardValue[e]=T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)

[0386] BackwardValue[f]=T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)

[0387] BackwardValue[v]=⊥_(A)⊥_(A)⊥_(A)⊥_(A) ⊥_(A)⊥_(A)⊥_(A)⊥_(A) ⊥_(A)⊥_(A)⊥_(A)⊥_(A) ⊥_(A)⊥_(A)⊥_(A)⊥_(A)

[0388] BackwardValue[w]=⊥_(A)⊥_(A)⊥_(A)⊥_(A) ⊥_(A)⊥_(A)⊥_(A)⊥_(A) ⊥_(A)⊥_(A)⊥_(A)⊥_(A) T_(A)T_(A)T_(A)T_(A)

[0389] BackwardValue[x]=⊥_(A)⊥_(A)⊥_(A)⊥_(A) ⊥_(A)⊥_(A)⊥_(A)⊥_(A) T_(A)T_(A)T_(A)T_(A) T_(A)T_(A)T_(A)T_(A)

[0390] BackwardValue[y]=⊥_(A)⊥_(A)⊥_(A)⊥_(A) T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)

[0391] BackwardValue[z]=T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)T_(A)

[0392] The method therefore reveals that variable v is unused by the computation.

[0393] Extensions and Applications

[0394] The method can be applied to virtually any operation that is a combinator of values (as opposed to, for example, an operation that reads the time or that has internal state). It is not necessary to use the most accurate (lowest) approximation of an operator in the forward direction; any approximation that produces a result that is at least as high as the lowest abstraction thereof is correct. To be specific, it is suggested that

f(x)

g(x)

[0395] where f is the least approximation of the operation and g is a less precise but still correct approximation. It is important however that the approximation used for an operator in the forward direction be consistent with that used in the backward direction. If h is the inverse (backward semantics) of an operator, then we must have that

x

g(h(x))

[0396] where g is the chosen approximation of the operator in the forward direction. To see why, consider a simple pair of assignments (PUT y (INTEGER [16] 0x0000)) (PUT x (BITAND y 0x0000)). Suppose an approximation is used of BITAND that produces a ⊥ bit in any position where either of its inputs is ⊥; but that the backward semantics for BITAND that is based on our discussion above is continued to be used, and therefore that delivers ⊥ backward values from some non-⊥ outputs. In a first analysis, it maybe concluded that y has a backward value of all ⊥ bits; that is, that y is unused. Its assignment may be deleted. If done however, a second analysis would conclude that x is undefined, whereas the original program clearly assigned x a value of 0x0000.

[0397] The method can be applied to an intermediate language in SSA form. In this case, a phi node is interpreted as a JOIN in the forward semantics, and as a simple transmitter of backward values in the backward analysis (the forward value for each input to the phi function is met (via

) with the backward value for the phi to produce the backward value for the input).

[0398] It is straightforward to make this analysis conditional in the same sense that conditional constant propagation methods are conditional; namely, assignments that are guarded by conditionals are not activated until it is determined that the predicates that guard them are true. Method BCP can be trivially modified, by adding a notion of activated nodes in G, to provide this additional power.

[0399] A method and system for bidirectional bitwise constant propagation by abstract interpretation is disclosed. Although the present invention has been described with respect to specific examples and subsystems, it will be apparent to those of ordinary skill in the art that the invention is not limited to these specific examples or subsystems but extends to other embodiments as well. The present invention includes all of these other embodiments as specified in the claims that follow. 

We claim: 1). A method, comprising: optimizing an implementation of a programming language, comprising; analyzing one or more values computed by a program written in the programming language, wherein analyzing one or more values comprises; representing each bit within a value of the one or more values as an abstract element of a lattice having a set of abstract elements including 0_(A), 1_(A), ⊥_(A) and T_(A), wherein the lattice is an abstraction of a concrete domain containing 0, 1, and ⊥; analyzing one or more output bits that are produced by an operation in terms of one or more input bits that are input to the operation; and analyzing the input bits that are input to the operation in terms of the output bits that are produced by the operation. 2). The method of claim 1, wherein optimizing further comprises: applying a forward abstract semantic to the abstract element; and applying a backward abstract semantic to the abstract element; wherein the forward abstract semantic is an approximation of a forward concrete semantic including AND, OR, and NOT; and wherein the backward abstract semantic is an approximation of a backward concrete semantic including AND⁻¹, OR⁻¹, and NOT⁻¹. 3). The method of claim 2, further comprising: identifying the values within the program as partially constant values. 4). The method of claim 3, wherein the backward abstract semantic is for a complex boolean function including LEFT⁻¹, URIGHT⁻¹, JOIN⁻¹, MEET⁻¹, LE⁻¹ and SRIGHT¹, and wherein the forward abstract semantic is for the complex boolean function including LEFT, URIGHT, JOIN, MEET, LE, and SRIGHT. 5). The method of claim 4, wherein the program is represented in an intermediate language. 6). The method of claim 5, wherein the implementation is a compiler for the programming language. 7). The method of claim 5, wherein the implementation is a computer aided design compiler for the programming language. 8). A computer-readable medium having stored thereon a plurality of instructions, said plurality of instructions when executed by a computer, cause said computer to perform: optimizing an implementation of a programming language, comprising; analyzing one or more values computed by a program written in the programming language, wherein analyzing one or more values comprises; representing each bit within a value of the one or more values as an abstract element of a lattice having a set of abstract elements including 0_(A), 1_(A), ⊥_(A) and T_(A), wherein the lattice is an abstraction of a concrete domain containing 0, 1, and ⊥; analyzing one or more output bits that are produced by an operation in terms of one or more input bits that are input to the operation; and analyzing the input bits that are input to the operation in terms of the output bits that are produced by the operation. 9). The computer-readable medium of claim 8 having stored thereon additional instructions, said additional instructions when executed by a computer for optimizing, cause said computer to further perform: applying a forward abstract semantic to the abstract element; and applying a backward abstract semantic to the abstract element; wherein the forward abstract semantic is an approximation of a forward concrete semantic including AND, OR, and NOT; and wherein the backward abstract semantic is an approximation of a backward concrete semantic including AND⁻¹, OR⁻¹, and NOT⁻¹. 10). The computer-readable medium of claim 9 having stored thereon additional instructions, said additional instructions when executed by a computer, cause said computer to further perform: identifying the values within the program as partially constant values. 11). The computer-readable medium of claim 10, wherein the backward abstract semantic is for a complex boolean function including LEFT⁻¹, URIGHT⁻¹, JOIN⁻¹, MEET⁻¹, LE⁻¹ and SRIGHT⁻¹, and wherein the forward abstract semantic is for the complex boolean function including LEFT, URIGHT, JOIN, MEET, LE, and SRIGHT. 12). The computer-readable medium of claim 11, wherein the program is represented in an intermediate language. 13). The computer-readable medium of claim 11, wherein the implementation is a computer aided design compiler for the programming language. 14). A system, comprising: a processor; memory connected to the processor storing instructions for bidirectional bitwise constant propagation by abstract interpretation executed by the processor; storage connected to the processor that stores a software program having a plurality of separately compilable routines, wherein the processor optimizes an implementation of a programming language, by analyzing one or more values computed by a program written in the programming language, wherein analyzing one or more values comprises; representing each bit within a value of the one or more values as an abstract element of a lattice having a set of abstract elements including 0_(A), 1_(A), ⊥_(A) and T_(A), wherein the lattice is an abstraction of a concrete domain containing 0, 1, and ⊥; analyzing one or more output bits that are produced by an operation in terms of one or more input bits that are input to the operation; and analyzing the input bits that are input to the operation in terms of the output bits that are produced by the operation. 15). The system of claim 14, wherein the processor further optimizes by applying a forward abstract semantic to the abstract element; and applying a backward abstract semantic to the abstract element; wherein the forward abstract semantic is an approximation of a forward concrete semantic including AND, OR, and NOT; and wherein the backward abstract semantic is an approximation of a backward concrete semantic including AND⁻¹, OR⁻¹, and NOT⁻¹. 16). The system of claim 15, wherein the processor identifies the values within the program as partially constant values. 17). The system of claim 16, wherein the backward abstract semantic is for a complex boolean function including LEFT⁻¹, URIGHT¹, JOIN⁻¹, MEET⁻¹, LE⁻¹ and SRIGHT⁻¹, and wherein the forward abstract semantic is for the complex boolean function including LEFT, URIGHT, JOIN, MEET, LE, and SRIGHT. 18). The system of claim 17, wherein the program is represented in an intermediate language. 19). The system of claim 18, wherein the implementation is a compiler for the programming language. 20). The system of claim 19, wherein the implementation is a computer aided design compiler for the programming language. 21). A system, comprising: means for optimizing an implementation of a programming language, comprising; means for analyzing one or more values computed by a program written in the programming language, wherein analyzing one or more values comprises; means for representing each bit within a value of the one or more values as an abstract element of a lattice having a set of abstract elements including 0_(A), 1_(A), ⊥_(A) and T_(A), wherein the lattice is an abstraction of a concrete domain containing 0, 1, and ⊥; means for analyzing one or more output bits that are produced by an operation in terms of one or more input bits that are input to the operation; and means for analyzing the input bits that are input to the operation in terms of the output bits that are produced by the operation. 22). The system of claim 21, wherein the means for optimizing further comprises: means for applying a forward abstract semantic to the abstract element; and means for applying a backward abstract semantic to the abstract element; wherein the forward abstract semantic is an approximation of a forward concrete semantic including AND, OR, and NOT; and wherein the backward abstract semantic is an approximation of a backward concrete semantic including AND⁻¹, OR⁻¹, and NOT⁻¹. 23). The system of claim 22, further comprising: means for identifying the values within the program as partially constant values. 24). The system of claim 23, wherein the backward abstract semantic is for a complex boolean function including LEFT⁻¹, URIGHT¹, JOIN⁻¹, MEET⁻¹, LE⁻¹ and SRIGHT¹, and wherein the forward abstract semantic is for the complex boolean function including LEFT, URIGHT, JOIN, MEET, LE, and SRIGHT. 25). The system of claim 24, wherein the program is represented in an intermediate language. 26). The system of claim 25, wherein the implementation is a compiler for the programming language. 27). The system of claim 26, wherein the implementation is a computer aided design compiler for the programming language. 